/*++

Copyright (c) 2004, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

Module Name:

  Bis.h

Abstract:

  This file defines the BIS protocol.

--*/

#ifndef _BIS_H_
#define _BIS_H_

#include <EfiSpec.h>

//
// Basic types
//
// BIS_APPLICATION_HANDLE is an opaque pointer; the prototypes below describe
// it as the value produced by Initialize( ).
//
typedef VOID    *BIS_APPLICATION_HANDLE;
typedef UINT16  BIS_ALG_ID;
typedef UINT32  BIS_CERT_ID;

//
// EFI_BIS_DATA type.
//
// A counted byte buffer. Length is the only size information that travels
// with Data, so code reading Data should bound every access by Length.
//
// EFI_BIS_DATA instances obtained from BIS must be freed by calling Free( ).
//
typedef struct _EFI_BIS_DATA {
  UINT32  Length; // Length of Data in 8 bit bytes.
  UINT8   *Data;  // 32 Bit Flat Address of data.
} EFI_BIS_DATA;

//
// EFI_BIS_VERSION type.
//
typedef struct _EFI_BIS_VERSION {
  UINT32  Major;  // BIS Interface version number.
  UINT32  Minor;  // Build number.
} EFI_BIS_VERSION;

//
// ----------------------------------------------------//
// Use these values to initialize EFI_BIS_VERSION.Major
// and to interpret results of Initialize.
// ----------------------------------------------------//
//
// BIS_CURRENT_VERSION_MAJOR refers to BIS_VERSION_1 before that macro is
// defined; this is fine because macro replacement happens where the name is
// used, not where it is defined.
//
#define BIS_CURRENT_VERSION_MAJOR BIS_VERSION_1
#define BIS_VERSION_1             1

//
// EFI_BIS_SIGNATURE_INFO type.
//
// NOTE(review): CertificateID is a truncated, masked 32-bit value (see
// BIS_CERT_ID_MASK), so it can only act as an identifier for a certificate;
// presumably it is not meant as proof that two certificates are the same -
// confirm against the BIS specification before relying on it for a decision.
//
typedef struct _EFI_BIS_SIGNATURE_INFO {
  BIS_CERT_ID CertificateID;  // Truncated hash of platform Boot Object
                              // authorization certificate.
                              //
  BIS_ALG_ID  AlgorithmID;    // A signature algorithm number.
  UINT16      KeyLength;      // Length of alg. keys in bits.
} EFI_BIS_SIGNATURE_INFO;

//
// Currently defined values for EFI_BIS_SIGNATURE_INFO.AlgorithmID.
// The exact numeric values come from
// "Common Data Security Architecture (CDSA) Specification".
//
// NOTE(review): BIS_ALG_RSA_MD5 names an MD5-based signature scheme. MD5 is
// not collision resistant, so a verification policy built on this algorithm
// should be treated as legacy strength. Only these two algorithm values are
// defined in this header.
//
#define BIS_ALG_DSA     (41)  // CSSM_ALGID_DSA
#define BIS_ALG_RSA_MD5 (42)  // CSSM_ALGID_MD5_WITH_RSA

//
// Currently defined values for EFI_BIS_SIGNATURE_INFO.CertificateID.
// They expand to the algorithm numbers defined above.
//
#define BIS_CERT_ID_DSA     BIS_ALG_DSA     // CSSM_ALGID_DSA
#define BIS_CERT_ID_RSA_MD5 BIS_ALG_RSA_MD5 // CSSM_ALGID_MD5_WITH_RSA

//
// The following is a mask value that gets applied to the truncated hash of a
// platform Boot Object Authorization Certificate to create the certificateID.
// A certificateID must not have any bits set to the value 1 other than bits in
// this mask.
//
// 0xFF7F7FFF has every bit set except bit 15 and bit 23.
//
#define BIS_CERT_ID_MASK  (0xFF7F7FFF)

//
// Macros for dealing with the EFI_BIS_DATA object obtained
// from BIS_GetSignatureInfo()
// BIS_GET_SIGINFO_COUNT - tells how many EFI_BIS_SIGNATURE_INFO
// elements are contained in a EFI_BIS_DATA struct pointed to
// by the provided EFI_BIS_DATA*.
//
// The macro dereferences BisDataPtr without a NULL check, and the integer
// division rounds down: if Length is not a multiple of
// sizeof (EFI_BIS_SIGNATURE_INFO), the trailing bytes are not counted.
// Use the result as the upper bound when indexing BIS_GET_SIGINFO_ARRAY.
//
#define BIS_GET_SIGINFO_COUNT(BisDataPtr) ((BisDataPtr)->Length / sizeof (EFI_BIS_SIGNATURE_INFO))

//
// BIS_GET_SIGINFO_ARRAY - produces a EFI_BIS_SIGNATURE_INFO*
// from a given EFI_BIS_DATA*.
//
// This is a plain cast of the UINT8 * Data member: it checks neither that
// BisDataPtr or Data is non-NULL, nor the alignment of Data, nor that Length
// covers any element. Callers have to establish those before dereferencing.
//
#define BIS_GET_SIGINFO_ARRAY(BisDataPtr) ((EFI_BIS_SIGNATURE_INFO *) (BisDataPtr)->Data)

//
// Binary Value of "X-Intel-BIS-ParameterSet" Attribute.
// (Value is Base64 encoded in actual signed manifest).
// {EDD35E31-07B9-11d2-83A3-00A0C91FADCF}
//
#define BOOT_OBJECT_AUTHORIZATION_PARMSET_GUIDVALUE \
  { \
    0xedd35e31, 0x7b9, 0x11d2, \
    { \
      0x83, 0xa3, 0x0, 0xa0, 0xc9, 0x1f, 0xad, 0xcf \
    } \
  }

//
// -----------------------------------//
// EFI_BIS_PROTOCOL
// -----------------------------------//
//
#define EFI_BIS_PROTOCOL_GUID \
  { \
    0x0b64aab0, 0x5429, 0x11d4, {0x98, 0x16, 0x00, 0xa0, 0xc9, 0x1f, 0xad, 0xcf} \
  }

typedef struct _EFI_BIS_PROTOCOL EFI_BIS_PROTOCOL;

//
// Function prototypes for the members of EFI_BIS_PROTOCOL.
//
// Every prototype except Initialize( ) takes the BIS_APPLICATION_HANDLE that
// Initialize( ) writes to its AppHandle parameter. Results handed back through
// an EFI_BIS_DATA ** parameter are EFI_BIS_DATA instances obtained from BIS,
// so the "must be freed by calling Free( )" rule stated for EFI_BIS_DATA
// applies to them.
//
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_INITIALIZE) (
  IN     EFI_BIS_PROTOCOL        * This,              // Protocol instance.
  OUT    BIS_APPLICATION_HANDLE  * AppHandle,         // Application handle.
  IN OUT EFI_BIS_VERSION         * InterfaceVersion,  // ver needed/available.
  IN     EFI_BIS_DATA            * TargetAddress      // Address of BIS platform.
  );

typedef
EFI_STATUS
(EFIAPI *EFI_BIS_FREE) (
  IN BIS_APPLICATION_HANDLE  AppHandle, // From Initialize( ).
  IN EFI_BIS_DATA            * ToFree   // EFI_BIS_DATA being freed.
  );

typedef
EFI_STATUS
(EFIAPI *EFI_BIS_SHUTDOWN) (
  IN BIS_APPLICATION_HANDLE  AppHandle  // From Initialize( ).
  );

typedef
EFI_STATUS
(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE) (
  IN  BIS_APPLICATION_HANDLE  AppHandle,    // From Initialize( ).
  OUT EFI_BIS_DATA            **Certificate // Pointer to certificate.
  );

//
// NOTE(review): the outcome is reported in two places, the EFI_STATUS return
// value and *IsVerified. A caller gating a boot decision should presumably
// require both a success status and IsVerified == TRUE, and start with its
// BOOLEAN set to FALSE so that a failed call cannot leave a stale TRUE -
// confirm the exact contract in the BIS specification.
//
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_VERIFY_BOOT_OBJECT) (
  IN  BIS_APPLICATION_HANDLE  AppHandle,      // From Initialize( ).
  IN  EFI_BIS_DATA            * Credentials,  // Verification signed manifest.
  IN  EFI_BIS_DATA            * DataObject,   // Boot object to verify.
  OUT BOOLEAN                 *IsVerified     // Result of verification.
  );

typedef
EFI_STATUS
(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG) (
  IN  BIS_APPLICATION_HANDLE  AppHandle,        // From Initialize( ).
  OUT BOOLEAN                 *CheckIsRequired  // Value of check flag.
  );

typedef
EFI_STATUS
(EFIAPI *EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN) (
  IN  BIS_APPLICATION_HANDLE  AppHandle,    // From Initialize( ).
  OUT EFI_BIS_DATA            **UpdateToken // Value of update token.
  );

typedef
EFI_STATUS
(EFIAPI *EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION) (
  IN  BIS_APPLICATION_HANDLE  AppHandle,            // From Initialize( ).
  IN  EFI_BIS_DATA            * RequestCredential,  // Update Request Manifest.
  OUT EFI_BIS_DATA            **NewUpdateToken      // Next update token.
  );

//
// NOTE(review): as with EFI_BIS_VERIFY_BOOT_OBJECT, the result is split
// between the returned EFI_STATUS and *IsVerified; callers should presumably
// check both - confirm against the BIS specification.
//
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL) (
  IN  BIS_APPLICATION_HANDLE  AppHandle,              // From Initialize( ).
  IN  EFI_BIS_DATA            * Credentials,          // Verification signed manifest.
  IN  EFI_BIS_DATA            * DataObject,           // Boot object to verify.
  IN  EFI_BIS_DATA            * SectionName,          // Name of credential section to use.
  IN  EFI_BIS_DATA            * AuthorityCertificate, // Certificate for credentials.
  OUT BOOLEAN                 *IsVerified             // Result of verification.
  );

//
// The EFI_BIS_DATA written to *SignatureInfo is the object the
// BIS_GET_SIGINFO_COUNT and BIS_GET_SIGINFO_ARRAY macros are described as
// operating on.
//
typedef
EFI_STATUS
(EFIAPI *EFI_BIS_GET_SIGNATURE_INFO) (
  IN  BIS_APPLICATION_HANDLE  AppHandle,      // From Initialize( ).
  OUT EFI_BIS_DATA            **SignatureInfo // Signature info struct.
  );

//
// Presumably the value a producer stores in EFI_BIS_PROTOCOL.Revision -
// TODO confirm against the code that installs the protocol.
//
#define EFI_BIS_PROTOCOL_REVISION 0x00010000

//
// The protocol interface: one revision field followed by a table of function
// pointers. Member order is the in-memory layout of the table, so members
// must not be reordered or inserted in the middle.
//
struct _EFI_BIS_PROTOCOL {
  //
  // member vars
  //
  UINT64                                              Revision;

  //
  // methods
  //
  EFI_BIS_INITIALIZE                                  Initialize;
  EFI_BIS_SHUTDOWN                                    Shutdown;
  EFI_BIS_FREE                                        Free;
  EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CERTIFICATE   GetBootObjectAuthorizationCertificate;
  EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_CHECKFLAG     GetBootObjectAuthorizationCheckFlag;
  EFI_BIS_GET_BOOT_OBJECT_AUTHORIZATION_UPDATE_TOKEN  GetBootObjectAuthorizationUpdateToken;
  EFI_BIS_GET_SIGNATURE_INFO                          GetSignatureInfo;
  EFI_BIS_UPDATE_BOOT_OBJECT_AUTHORIZATION            UpdateBootObjectAuthorization;
  EFI_BIS_VERIFY_BOOT_OBJECT                          VerifyBootObject;
  EFI_BIS_VERIFY_OBJECT_WITH_CREDENTIAL               VerifyObjectWithCredential;
};

//
// Declared here and defined elsewhere; presumably initialised with
// EFI_BIS_PROTOCOL_GUID - verify at the definition.
//
extern EFI_GUID gEfiBisProtocolGuid;

#endif